The Missing Link(edIn)

26 May 2016 by Jenn Granger

Alright so say you’ve got a house, an office, a car and a safe deposit box (congratulations, you’re an adult). You wouldn’t use the same key across all of those things, right? And – especially if you did – you wouldn’t leave those places unattended without an alarm, yeah? You’ve probably heard about the mega LinkedIn breach and unfortunately many people are doing the digital equivalents of those things. Here’s how you can set up alerts for when you’re pwned and some good security practice to boot.

If you’re not familiar with the tale of the LinkedIn hack listen in lads – back in 2012 a whole mess of passwords and emails were nicked from the company’s system. They guesstimated at about 6.5m compromised accounts but, four years later, turns out it’s more like 165m and some peach is trying to sell all your bizniss on the dark web. So here’s where we’re at.

The company said on Monday that it had finished resetting all the passwords but it’s probably still a good idea to change your passwords. The site – and our security arm Secarma – recommends implementing two factor authentication (2FA) as standard on all your accounts too; when you log into an account you’ll have a code text to your mobile, for example, that you have to put in before you’re granted access as an extra layer (or second factor, if you will) of protection.

Security researcher Troy Hunt is all over the hack and his website – haveibeenpwned.com – will tell it to you straight; just pop your email address in and you’ll find out if you’ve been hit and which accounts. Troy’s site will also let you set up email notifications to let you know when you’ve been ‘pwned’ (the alarm part of my earlier, tenuous analogy).

Unfortunately it’s also another example of how bad the UK is at passwords – most of the passwords in the dump were ‘123456’ (which appears more than a million times – not quite the unique special snowflake you thought you were hey?) ‘password’ or the ever-original ‘LinkedIn’. We really need to up our game guys – don’t think you’d need to be a hardened harcker to guess those.

Also as always, a wee reminder not to use the same passwords across different accounts probably won’t go amiss – once it’s out there they can potentially access any other account that has the same info so even if you’re thinking you don’t have any card info or whatever linked to your LinkedIn then there are still ways they can get to that (the same set of keys for every lock part).

For the security solutions that UKFast offers to help keep your business protected take a look at our website or give us a call on 0208 045 4945.